Cybersecurity Operations Engineer

Lanteris Space Systems, Palo Alto, CA
$124,000 - $238,000, Remote

About The Position

Intuitive Machines is seeking an experienced Cybersecurity Operations Engineer to serve as the operational bridge between our organization and our Managed Security Services Provider (MSSP). This position will play a pivotal role in ensuring the effective deployment and maintenance of our security tools and services and supporting incident response across our organization. The ideal candidate will be responsible for hands-on security operations, endpoint protection management, security tool administration, and incident response. This role can be based in Palo Alto, CA; Houston, TX; or remotely in the US.

Requirements

  • Must be a US Citizen with the ability to obtain a US Government security clearance
  • Bachelor's Degree in the following area(s): Cybersecurity, Information Technology, Computer Science, or related field; four additional years of experience can be substituted for a degree
  • 8 years of hands-on experience in cybersecurity operations, incident response, or security engineering roles
  • Experience with endpoint protection platforms
  • Experience with cloud security concepts and tools (Wiz, AWS security services, or similar)
  • Experience with SIEM platforms, log analysis, and security event correlation
  • Experience with NIST 800-171, CMMC, and DFARS cybersecurity requirements

Nice To Haves

  • Professional certifications such as CISSP, GCIH, GCFA, or CEH
  • Experience operating in aerospace, defense, or DoD/CMMC regulated environments
  • Scripting/automation skills (PowerShell, Python) for security operations tasks
  • Strong collaboration skills and ability to work effectively with cross-functional teams during complex security incidents
  • Experience with the M365 Security stack (Defender, Sentinel, MDC, Purview)
  • Experience with Tenable One
  • Experience with centralized enterprise logging
  • Experience with network security, including IDS/IPS, firewalls, and security architecture

Responsibilities

  • Act as liaison with our Managed Security Service Provider (MSSP), reviewing Tier 1/2 alert summaries, validating findings with organizational context, and facilitating escalations for hands-on resolution
  • Conduct real-time troubleshooting, log analysis, endpoint forensics, and containment actions on internal systems using tools like MS Defender, Wiz, and Tenable
  • Participate in incident response activities, ensuring timely communication with stakeholders and proper documentation of security events
  • Coordinate incident response activities across cross-functional teams, ensuring timely containment, eradication, and recovery actions align with organizational priorities and compliance requirements
  • Support our endpoint security solutions, including EDR (Endpoint Detection & Response) solutions across the enterprise
  • Monitor endpoint compliance, investigate agent health issues, and coordinate remediation with IT teams
  • Maintain operational access to security tools for investigation and response purposes (not responsible for development, architecture, or tuning of SOC tools)
  • Perform regular health checks, updates, and optimization of security agents to ensure maximum coverage and performance across all organizational assets
  • Develop and maintain documentation for security agent configurations, deployment procedures, and troubleshooting workflows to support operational continuity
  • Monitor and analyze firewall logs for security events and anomalies in coordination with MSSP
  • Support firewall rule change requests, including security impact assessments and documentation
  • Conduct periodic firewall policy reviews to identify overly permissive rules and ensure alignment with least-privilege principles
  • Coordinate with network engineering on firewall-related security incidents and configuration changes
  • Maintain firewall documentation, including rule justifications, change logs, and security baselines
  • Participate in firewall architecture discussions to ensure security requirements are incorporated
  • Participate in post-incident reviews and root cause analysis, documenting lessons learned to enhance response playbooks aligned with NIST 800-171/CMMC requirements
  • Contribute to the refinement of MSSP SLAs, escalation procedures, and operational runbooks
  • Generate compliance reports, executive briefings, and threat intelligence summaries for leadership and cross-functional teams (IT, Legal, Governance, Program Security)
  • Monitor and report on MSSP performance metrics, contributing to quarterly vendor reviews and integrating findings into risk management workflows
  • Identify gaps in security coverage and recommend process improvements
  • Participate in tabletop exercises and security drills to validate response capabilities
  • Integrate security findings into enterprise risk management workflows
  • Serve as security subject matter expert for internal projects and initiatives
  • Maintain currency with emerging threats, vulnerabilities, and security technologies relevant to the aerospace/defense sector

Benefits

  • paid time off
  • health and welfare insurance
  • 401(k)
  • incentive eligible with a target based on contribution, company performance, and/or individual results achieved